Adam Sampson <a...@offog.org> writes:

> Dear libidn maintainers,
>
> This program causes a crash for me with libidn 1.31:
>
> """
> #include <idna.h>
>
> int main() {
>   /* 0x80 is not valid UTF-8, so the conversion must fail. */
>   const char input[] = "\200bad.com";
>   char *output;
>
>   /* Return value deliberately unchecked: the crash happens inside the call. */
>   idna_to_unicode_8z8z(input, &output, 0);
>
>   return 0;
> }
> """
>
> idna_to_unicode_8z8z ought to return IDNA_ICONV_ERROR because the input
> isn't valid UTF-8. However, it winds up calling free() with a junk
> pointer as a parameter. This is because:
>
> - in idna_to_unicode_8z8z, "char *ucs4" is uninitialised
> - idna_to_unicode_8z8z calls idna_to_unicode_8z4z, which returns
>   IDNA_ICONV_ERROR without initialising ucs4
> - idna_to_unicode_8z8z then does "free(ucs4)" before checking the return
>   value from idna_to_unicode_8z4z
>
> It looks like some of the other API functions use the same pattern (e.g.
> ..._8zlz), so it would be worth checking those as well.
Thank you for the test, report and analysis! Indeed I found the same problem in idna_to_unicode_8z8z and idna_to_unicode_8zlz. Stay tuned for a fix.

/Simon
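The error-path pattern Adam describes, shown as an added example that is not libidn's code and not part of either message above. It uses a stand-in converter (conv_to_ucs4_stub, which only accepts ASCII so that "\200bad.com" fails the way an iconv-based decoder would) and two hypothetical callers: to_8z8z_buggy reproduces the uninitialised-pointer-then-free() sequence from the report, and to_8z8z_fixed shows the hardened shape (initialise the out-pointer, check the return code before any cleanup). All of these names are made up for the example.

```c
/* Added example, not libidn code.  conv_to_ucs4_stub, to_8z8z_buggy and
 * to_8z8z_fixed are hypothetical names chosen for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CONV_OK = 0, CONV_ICONV_ERROR = 1 };

/* Minimal "valid UTF-8" check for the stand-in: ASCII only.  This is enough
 * to make any byte >= 0x80, such as the \200 in the report, fail conversion. */
static int ascii_only(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s >= 0x80)
            return 0;
    return 1;
}

/* Stand-in for the inner 8z4z conversion.  On error it returns a code
 * WITHOUT writing *out, mirroring the behaviour described in the report. */
static int conv_to_ucs4_stub(const char *input, uint32_t **out)
{
    size_t n, i;
    if (!ascii_only(input))
        return CONV_ICONV_ERROR;            /* *out deliberately untouched */
    n = strlen(input);
    *out = malloc((n + 1) * sizeof **out);
    if (!*out)
        return CONV_ICONV_ERROR;
    for (i = 0; i < n; i++)
        (*out)[i] = (unsigned char)input[i];
    (*out)[n] = 0;
    return CONV_OK;
}

/* Turn a NUL-terminated UCS-4 buffer holding ASCII back into a C string. */
static char *ucs4_to_ascii(const uint32_t *u)
{
    size_t n = 0, i;
    char *s;
    while (u[n]) n++;
    s = malloc(n + 1);
    if (!s) return NULL;
    for (i = 0; i < n; i++) s[i] = (char)u[i];
    s[n] = 0;
    return s;
}

/* The pattern from the report: ucs4 is never initialised, and free() runs
 * before the return code is examined.  On invalid input this frees a junk
 * pointer (undefined behaviour), so it is never called in this example. */
static int to_8z8z_buggy(const char *input, char **output)
{
    uint32_t *ucs4;                         /* uninitialised */
    int rc = conv_to_ucs4_stub(input, &ucs4);
    *output = ucs4_to_ascii(ucs4);          /* reads junk on the error path */
    free(ucs4);                             /* frees junk on the error path */
    if (rc != CONV_OK)
        return rc;                          /* the check comes too late */
    return *output ? CONV_OK : CONV_ICONV_ERROR;
}

/* Hardened caller: initialise the pointer, return on error before touching
 * anything the callee was supposed to allocate, and only free what exists. */
static int to_8z8z_fixed(const char *input, char **output)
{
    uint32_t *ucs4 = NULL;
    int rc;
    *output = NULL;
    rc = conv_to_ucs4_stub(input, &ucs4);
    if (rc != CONV_OK)
        return rc;                          /* nothing allocated, nothing to free */
    *output = ucs4_to_ascii(ucs4);
    free(ucs4);
    return *output ? CONV_OK : CONV_ICONV_ERROR;
}

int main(void)
{
    char *out;
    int rc = to_8z8z_fixed("\200bad.com", &out);   /* the input from the report */
    printf("rc=%d output=%s\n", rc, out ? out : "(null)");
    rc = to_8z8z_fixed("good.com", &out);
    printf("rc=%d output=%s\n", rc, out ? out : "(null)");
    free(out);
    (void)to_8z8z_buggy;                    /* shown for comparison, not run */
    return 0;
}
```

Running the program prints an error code and a null output for the invalid input, and a successful round-trip for the ASCII one; with the buggy variant the first call would hand an indeterminate pointer to free(). The check a reviewer would want in the real code is the same as in to_8z8z_fixed: every out-pointer the callee may leave unset is initialised to NULL, and the return code is inspected before any free().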
_______________________________________________ Help-libidn mailing list Help-libidn@gnu.org https://lists.gnu.org/mailman/listinfo/help-libidn